Topic 9 - AF Chapter 5 Slides 2 of 3

Uploaded by

hantojvr

0% found this document useful (0 votes)

0 views8 pages

Original Title

Topic 9_AF Chapter 5 Slides 2 of 3

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pptx, pdf, or txt

0% found this document useful (0 votes)

0 views8 pages

Topic 9 - AF Chapter 5 Slides 2 of 3

Uploaded by

hantojvr

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as pptx, pdf, or txt

Jump to Page

You are on page 1of 8

Search inside document

1

Topic 9 – Controls related to the overall computer

environment (IT GENERAL CONTROLS)

Week: 20 – 24 May 2024

This session’s objective is to:
1. Define and explain general controls; and
2. understand, explain and apply the following five
categories of general controls in a practical scenario:
- Organisational controls and personnel practices
- System development and change controls
- Business continuity controls
- Operating controls
- Access controls

2
Sources:
- Auditing Fundamentals 2nd Edition: Chapter 5,
pages 152 – 169
- Graded Questions 3rd Edition: Chapter 5

3
5.8.1 Organisational controls and personnel practices
 Delegation of responsibility
- Steering committee
- CIO
- IT manager

 Segregation of duties
- Between development (technical staff), operations and security is key.

 Reporting, supervision and review

- Independent review of logs is extremely important.

 Personnel practices
- Issues to consider: Employing, leave, rotation of duties, training and
dismissals/resignations

Slide 4
3
5.8.2 Systems development and change controls
 SDLC
- Request submission, needs assessment and selection
- Planning and design
- Systems development and testing (5 types of testing)
- Implementation
- Post-implementation review

 Program change controls

- Process should be similar to the SDLC

Slide 5
4
5.8.3 Access controls
 Distinguish between physical and logical access
 Preventative
- Security policy
- Physical access
- Logical access (ID, Authentication and Authorisation)
 Detective and corrective
- Logs, registers and reports
 Other security controls
- Library
- Communication (Encryption, Firewalls, call-back, anti-virus and
independent certification)

Slide 6
5
5.8.4 Business continuity controls
 Risks can be physical or logical
 Preventative
- Security policy
- Physical access
- Logical access (ID, Authentication and Authorisation)

 Detective and corrective

- Back-ups and an emergency recovery plan
- Insurance

Slide 7
6
5.8.5 Operating controls and maintenance
 Technical in nature
- Scheduling
- Standards and policies
- Managing data, programs and documentation
- Logs
- Policies for users

Slide 8
7

SSCP / Cissp Notes I Used To Pass
Document43 pages
SSCP / Cissp Notes I Used To Pass
milo_andy
100% (4)
Auditor's Guide to IT Auditing
From Everand
Auditor's Guide to IT Auditing
Richard E. Cascarino
Rating: 4.5 out of 5 stars
4.5/5 (3)
SSCP / Cissp Notes I Used To Pass
Document43 pages
SSCP / Cissp Notes I Used To Pass
psudharsan
100% (6)
Operationalizing Information Security: Putting the Top 10 SIEM Best Practices to Work
From Everand
Operationalizing Information Security: Putting the Top 10 SIEM Best Practices to Work
Scott Gordon
No ratings yet
The Operational Auditing Handbook: Auditing Business and IT Processes
From Everand
The Operational Auditing Handbook: Auditing Business and IT Processes
Andrew Chambers
Rating: 4.5 out of 5 stars
4.5/5 (4)
Information Systems Auditing: The IS Audit Testing Process
From Everand
Information Systems Auditing: The IS Audit Testing Process
Robert E. Davis
Rating: 1 out of 5 stars
1/5 (1)
IT General Control Presentation PaulPerry
Document21 pages
IT General Control Presentation PaulPerry
arif420_999
No ratings yet
The Role of IT Audit
Document30 pages
The Role of IT Audit
Trifan_Dumitru
No ratings yet
Chapter 8
Document3 pages
Chapter 8
Shienell Pinca
No ratings yet
Information Systems Control and Audit
Document429 pages
Information Systems Control and Audit
Mayank Jain
100% (3)
Information Security Transformation-Nahil Mahmood-Lecture 16
Document9 pages
Information Security Transformation-Nahil Mahmood-Lecture 16
Muhammad Asim Mubarik
No ratings yet
IT Audit Fundamentals Course Content
Document45 pages
IT Audit Fundamentals Course Content
asebe
No ratings yet
Ite2015 Information-System-Audit TH 1.0 37 Ite2015
Document2 pages
Ite2015 Information-System-Audit TH 1.0 37 Ite2015
venkatsai eleth
No ratings yet
Cyber Boot Camp - Day 05 - Cyber Security Framework
Document3 pages
Cyber Boot Camp - Day 05 - Cyber Security Framework
Anna Margarita de Vega
No ratings yet
CSJJD
Document20 pages
CSJJD
manu
No ratings yet
Assignment 3 1
Document46 pages
Assignment 3 1
Dine Capua
No ratings yet
Syllabus CISA
Document9 pages
Syllabus CISA
PRATEEK
No ratings yet
Syllabus in Accounting Information System
Document7 pages
Syllabus in Accounting Information System
Jinx Cyrus Rodillo
100% (1)
CHAPTER 8 - Internal Audit Tools and Techniques STDT
Document39 pages
CHAPTER 8 - Internal Audit Tools and Techniques STDT
Nor Syahra Ajinim
No ratings yet
Key Tables, Charts and Flows For SSCP - CISSP
Document45 pages
Key Tables, Charts and Flows For SSCP - CISSP
Kevin Huang
No ratings yet
Control and Ais
Document26 pages
Control and Ais
Davidea Rahma
No ratings yet
Cobit 5 - CSF-Jul2012
Document27 pages
Cobit 5 - CSF-Jul2012
Zaldy Gunawan
No ratings yet
CISSP Lance Notes
Document45 pages
CISSP Lance Notes
Salman Ahmad
100% (2)
System Life Cycle Methodologies
Document55 pages
System Life Cycle Methodologies
Yosep Dwi Setyanto
No ratings yet
02 - AFA - PPT - Unit 5
Document38 pages
02 - AFA - PPT - Unit 5
tfknr
No ratings yet
Ethics Fraud and Internal Contorl Lanjutan
Document16 pages
Ethics Fraud and Internal Contorl Lanjutan
Ferry TigerHeart
No ratings yet
Materi 05. Pengembangan Dan Analisis Sistem
Document32 pages
Materi 05. Pengembangan Dan Analisis Sistem
Raihan Yonaldii
No ratings yet
System Life Cycle Methodologies: Management Information Systems 8/E Raymond Mcleod, Jr. and George Schell
Document55 pages
System Life Cycle Methodologies: Management Information Systems 8/E Raymond Mcleod, Jr. and George Schell
Abdul Latif
No ratings yet
CHAPTER 8 - Internal Audit Tools and Techniques 2019
Document41 pages
CHAPTER 8 - Internal Audit Tools and Techniques 2019
NORAZIAN HUSSIN
No ratings yet
Security Audit
Document31 pages
Security Audit
Tarang Shah
100% (2)
Chapter Four Information Technology and Auditing
Document78 pages
Chapter Four Information Technology and Auditing
abel habtamu
No ratings yet
Application Development
Document2 pages
Application Development
Yamuna
No ratings yet
TOPIC 6 - Implication of IT On IA
Document38 pages
TOPIC 6 - Implication of IT On IA
Hanis Zahira
No ratings yet
CH 11 and 12 and 13 On SDLC
Document6 pages
CH 11 and 12 and 13 On SDLC
QK Vlogs
No ratings yet
Training Workshop On IT Auditing
Document2 pages
Training Workshop On IT Auditing
Oluwaseun Matthew
No ratings yet
Information System Auditing: Yu Xiaobing (余小兵) CISA
Document47 pages
Information System Auditing: Yu Xiaobing (余小兵) CISA
Mishaal Akram Shafi
No ratings yet
Auditing in A Computer Systems (Cis)
Document8 pages
Auditing in A Computer Systems (Cis)
John David Alfred Endico
No ratings yet
TCLG Information Security ISO Standards Feb 2015 PDF
Document28 pages
TCLG Information Security ISO Standards Feb 2015 PDF
Christian Aquino
No ratings yet
Pertemuan 3 - Sesi 5 Dan 6
Document70 pages
Pertemuan 3 - Sesi 5 Dan 6
Sheila Najla
No ratings yet
8 Protection of Information Assets
Document59 pages
8 Protection of Information Assets
Hassaan Sarfraz
100% (1)
Pertemuan 2 - Information System Risk and Control
Document72 pages
Pertemuan 2 - Information System Risk and Control
Rey Ra
No ratings yet
Auditing Identity and Access Management: 2nd Edition
Document22 pages
Auditing Identity and Access Management: 2nd Edition
John Wilben Sibayan Ü
No ratings yet
Information System Audit Process: by Dr. Selasi Ocansey
Document17 pages
Information System Audit Process: by Dr. Selasi Ocansey
Hannett Wood
No ratings yet
308 Information System Audit PDF
Document3 pages
308 Information System Audit PDF
yn sagala
0% (1)
Marinelli Audit Trail SOP Template
Document26 pages
Marinelli Audit Trail SOP Template
m.monir.sa
No ratings yet
EDP Summary PDF
Document6 pages
EDP Summary PDF
thrisawan bunsiritawesup
No ratings yet
Chapter 7 - COSO ERM: (1) Internal Environment
Document24 pages
Chapter 7 - COSO ERM: (1) Internal Environment
Naresh Kumar
No ratings yet
4 Operations Security
Document69 pages
4 Operations Security
Ruppee Edward
No ratings yet
Chap 1 Intro To Methodology
Document33 pages
Chap 1 Intro To Methodology
shalven
No ratings yet
Certified Information Systems Auditor (CISA) : About This Course
Document2 pages
Certified Information Systems Auditor (CISA) : About This Course
simha1177
No ratings yet
Security Audit Course Project
Document6 pages
Security Audit Course Project
maryam
No ratings yet
Access Control Domain: Cissp Common Body of Knowledge Review
Document86 pages
Access Control Domain: Cissp Common Body of Knowledge Review
Karan Mehta
No ratings yet
Domain 5 - PPT Slides
Document64 pages
Domain 5 - PPT Slides
sondos
No ratings yet
01-03 Introduction and Foundations of Is Audit v.1.0
Document28 pages
01-03 Introduction and Foundations of Is Audit v.1.0
Arie Raffli
No ratings yet
Auditing in CIS EnvironmentBIT006WFAsystemssecurity
Document28 pages
Auditing in CIS EnvironmentBIT006WFAsystemssecurity
John David Alfred Endico
No ratings yet
Tekgem IACS Cyber Security Assessment
Document8 pages
Tekgem IACS Cyber Security Assessment
Lynsey Stephenson
No ratings yet
Security Plus SY0-701 Domain 5 Handout
Document126 pages
Security Plus SY0-701 Domain 5 Handout
hamed.qaderi.721
No ratings yet
My IT Audit Notes
Document1 page
My IT Audit Notes
padhu_lp
No ratings yet
Information Systems Audit Report: Presented by - Sanjiv Arora, Cisa, Cism, Cgeit
Document15 pages
Information Systems Audit Report: Presented by - Sanjiv Arora, Cisa, Cism, Cgeit
delhi guy
No ratings yet
Integrated Management System Audit - SafetyCulture
Document24 pages
Integrated Management System Audit - SafetyCulture
Khamid Cha Midovic
No ratings yet
AI 102 Dump1
Document201 pages
AI 102 Dump1
Pawan N
No ratings yet
Java Array
Document22 pages
Java Array
Telkomsel Ku
No ratings yet
F
Document109 pages
F
diego corvalan
No ratings yet
Day 40 AWS EC2 Automation
Document11 pages
Day 40 AWS EC2 Automation
Rathod Chintu
No ratings yet
CSC130CEx6S PDF
Document4 pages
CSC130CEx6S PDF
mohammed
No ratings yet
Helcom Plus: Database Functional Design Document
Document15 pages
Helcom Plus: Database Functional Design Document
kris
No ratings yet
Arithmetic Circuits-2: - Multipliers - Shifters
Document15 pages
Arithmetic Circuits-2: - Multipliers - Shifters
PADMA SATHEESAN
No ratings yet
Theory of Computation
Document166 pages
Theory of Computation
Vive Kowsal Yaniss
100% (1)
Multitasking - Foreground/Background Processing - Task Control Block (TCB) Model - Simplicity
Document6 pages
Multitasking - Foreground/Background Processing - Task Control Block (TCB) Model - Simplicity
Sayyed Salman Mehdi Mosvi
No ratings yet
Amrutvahini Polytechnic, Sangamner Department of Computer Technology ACADEMIC YEAR:-2021-2022
Document11 pages
Amrutvahini Polytechnic, Sangamner Department of Computer Technology ACADEMIC YEAR:-2021-2022
Darade Akanksha
No ratings yet
F
Document103 pages
F
johaldiel muring
No ratings yet
78200X V13.25 20 Abril 2022
Document32 pages
78200X V13.25 20 Abril 2022
Samuel Gallego
No ratings yet
InternImage: Exploring Large-Scale Vision Foundation Models With Deformable Convolutions
Document11 pages
InternImage: Exploring Large-Scale Vision Foundation Models With Deformable Convolutions
Saurabh Vijay
No ratings yet
Temperature Prediction by Machine Learning Using Bolt Cloud
Document6 pages
Temperature Prediction by Machine Learning Using Bolt Cloud
IJRASETPublications
No ratings yet
Satellite Router Eastar
Document54 pages
Satellite Router Eastar
Yur
No ratings yet
GA-E6010N: User's Manual
Document32 pages
GA-E6010N: User's Manual
Miguel Angel Palos M.
No ratings yet
School Management Project C++
Document29 pages
School Management Project C++
Bhavesh K
No ratings yet
AVR128DA28 32 48 64 Data Sheet 40002183C
Document684 pages
AVR128DA28 32 48 64 Data Sheet 40002183C
calltokamal
No ratings yet
Exam Hall Findout Alert System
Document3 pages
Exam Hall Findout Alert System
atozdhiyanes
No ratings yet
A CMOS Broadband Power Amplifier With A Transformer-Based High-Order Output Matching Network
Document14 pages
A CMOS Broadband Power Amplifier With A Transformer-Based High-Order Output Matching Network
Zyad Iskandar
No ratings yet
Chapter 01 Slides
Document22 pages
Chapter 01 Slides
Trang Phạm
No ratings yet
PACKAGE and TRIGGERS
Document6 pages
PACKAGE and TRIGGERS
Sai Krishna
No ratings yet
Course Reactjs
Document137 pages
Course Reactjs
AIT SALAH Massinissa
No ratings yet
Project Report ON: Maharani Laxmibai College of Technology
Document8 pages
Project Report ON: Maharani Laxmibai College of Technology
Divya Singh
No ratings yet
DBMS (1 - 5 Units)
Document128 pages
DBMS (1 - 5 Units)
jagan nathan
No ratings yet
Brocade Sannav Management Portal Installation and Migration Guide, 2.1.0X
Document40 pages
Brocade Sannav Management Portal Installation and Migration Guide, 2.1.0X
aldozp1
No ratings yet
Anonymous and Traceable Group Data Sharing in Cloud Computing
Document84 pages
Anonymous and Traceable Group Data Sharing in Cloud Computing
vikas gupta
No ratings yet
Advantech Adam 3600 Intelligent Rtu Ebook
Document33 pages
Advantech Adam 3600 Intelligent Rtu Ebook
rusnardi hanif raditya
No ratings yet
Chapter 01
Document47 pages
Chapter 01
Nazrin Manshor
No ratings yet
Smit Vipul Kalamkar - CV
Document2 pages
Smit Vipul Kalamkar - CV
Chetan Dadhaniya
No ratings yet